Add a separate te file for the following shell scripts

* init.qcom.sensors.sh * init.qti.ims.sh * init.qcom.crashdata.sh Add te files for ims, crashdata and sensors shell scripts Change-Id: If482df2e2ef2dc257b79cece2bb1eb5f812007d2
2018-01-25 11:56:24 -08:00
parent 7962575a24
commit b73ca02e5a
8 changed files with 127 additions and 6 deletions
--- a/vendor/common/file_contexts
+++ b/vendor/common/file_contexts
@@ -339,7 +339,7 @@
 /(vendor|system/vendor)/bin/init\.qcom\.sh              u:object_r:qti_init_shell_exec:s0
 /(vendor|system/vendor)/bin/init\.qcom\.class_core\.sh  u:object_r:qti_init_shell_exec:s0
 /(vendor|system/vendor)/bin/init\.qcom\.coex\.sh        u:object_r:qti_init_shell_exec:s0
-/(vendor|system/vendor)/bin/init\.qcom\.crashdata\.sh   u:object_r:qti_init_shell_exec:s0
+/(vendor|system/vendor)/bin/init\.qcom\.crashdata\.sh   u:object_r:init-qcom-crashdata-sh_exec:s0
 /(vendor|system/vendor)/bin/init\.qcom\.debug\.sh       u:object_r:qti_init_shell_exec:s0
 /(vendor|system/vendor)/bin/init\.qcom\.debug-sdm660\.sh    u:object_r:qti_init_shell_exec:s0
 /(vendor|system/vendor)/bin/init\.qcom\.debug-sdm670\.sh    u:object_r:qti_init_shell_exec:s0
@@ -347,9 +347,9 @@
 /(vendor|system/vendor)/bin/init\.qcom\.efs\.sync\.sh   u:object_r:qti_init_shell_exec:s0
 /(vendor|system/vendor)/bin/init\.qcom\.post_boot\.sh   u:object_r:qti_init_shell_exec:s0
 /(vendor|system/vendor)/bin/init\.qcom\.sdio\.sh        u:object_r:qti_init_shell_exec:s0
-/(vendor|system/vendor)/bin/init\.qcom\.sensors\.sh     u:object_r:qti_init_shell_exec:s0
+/(vendor|system/vendor)/bin/init\.qcom\.sensors\.sh     u:object_r:init-qcom-sensors-sh_exec:s0
 /(vendor|system/vendor)/bin/init\.qcom\.syspart_fixup\.sh   u:object_r:qti_init_shell_exec:s0
 /(vendor|system/vendor)/bin/init\.qcom\.usb\.sh         u:object_r:qti_init_shell_exec:s0
 /(vendor|system/vendor)/bin/init\.qcom\.wifi\.sh        u:object_r:qti_init_shell_exec:s0
-/(vendor|system/vendor)/bin/init\.qti\.ims\.sh          u:object_r:qti_init_shell_exec:s0
+/(vendor|system/vendor)/bin/init\.qti\.ims\.sh          u:object_r:init-qti-ims-sh_exec:s0
 /(vendor|system/vendor)/bin/qca6234-service.sh          u:object_r:qti_init_shell_exec:s0
--- a/vendor/common/init-qcom-crashdata-sh.te
+++ b/vendor/common/init-qcom-crashdata-sh.te
@@ -0,0 +1,37 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#    * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type init-qcom-crashdata-sh, domain;
+type init-qcom-crashdata-sh_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(init-qcom-crashdata-sh)
+
+allow init-qcom-crashdata-sh vendor_shell_exec:file rx_file_perms;
+allow init-qcom-crashdata-sh vendor_toolbox_exec:file rx_file_perms;
+
+set_prop(init-qcom-crashdata-sh, crash_cnt_prop)
+set_prop(init-qcom-crashdata-sh, crash_detect_prop)
--- a/vendor/common/init-qcom-sensors-sh.te
+++ b/vendor/common/init-qcom-sensors-sh.te
@@ -0,0 +1,42 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#    * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type init-qcom-sensors-sh, domain;
+type init-qcom-sensors-sh_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(init-qcom-sensors-sh)
+
+allow init-qcom-sensors-sh vendor_shell_exec:file rx_file_perms;
+allow init-qcom-sensors-sh vendor_toolbox_exec:file rx_file_perms;
+
+r_dir_file(init-qcom-sensors-sh, persist_file)
+r_dir_file(init-qcom-sensors-sh, persist_sensors_file)
+
+allow init-qcom-sensors-sh persist_sensors_file:file setattr;
+allow init-qcom-sensors-sh sensors_device:chr_file r_file_perms;
+
+set_prop(init-qcom-sensors-sh, sensors_prop)
--- a/vendor/common/init-qti-ims-sh.te
+++ b/vendor/common/init-qti-ims-sh.te
@@ -0,0 +1,36 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#    * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type init-qti-ims-sh, domain;
+type init-qti-ims-sh_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(init-qti-ims-sh)
+
+allow init-qti-ims-sh vendor_shell_exec:file rx_file_perms;
+allow init-qti-ims-sh vendor_toolbox_exec:file rx_file_perms;
+
+set_prop(init-qti-ims-sh, system_prop)
--- a/vendor/common/init_shell.te
+++ b/vendor/common/init_shell.te
@@ -66,9 +66,7 @@ allow qti_init_shell sysfs_devices_system_cpu: { dir file lnk_file } relabelto;

 # To start sensors for DSPS enabled platforms
 r_dir_file(qti_init_shell, persist_file)
-r_dir_file(qti_init_shell, persist_sensors_file)
 r_dir_file(qti_init_shell, persist_bluetooth_file)
-allow qti_init_shell persist_sensors_file:file setattr;

 allow qti_init_shell { proc proc_net}:file write;
 allow qti_init_shell proc_net:file r_file_perms;
@@ -126,7 +124,6 @@ allow qti_init_shell proc:dir w_file_perms;

 allow qti_init_shell post_boot_prop:property_service set;
 allow qti_init_shell proc:dir add_name;
-allow qti_init_shell sensors_device:chr_file r_file_perms;
 allow qti_init_shell sysfs:file w_file_perms;
 allow qti_init_shell sysfs_devices_system_cpu:dir w_dir_perms;
 allow qti_init_shell sysfs_devices_system_cpu:file w_file_perms;
--- a/vendor/common/property.te
+++ b/vendor/common/property.te
@@ -1,6 +1,8 @@
 type camera_prop, property_type;
 type cnd_prop, property_type;
 type cnss_diag_prop, property_type;
+type crash_cnt_prop, property_type;
+type crash_detect_prop, property_type;
 type ctl_hbtp_prop, property_type;
 type debug_gralloc_prop, property_type;
 type ims_prop, property_type;
@@ -13,6 +15,7 @@ type per_mgr_state_prop, property_type;
 type post_boot_prop, property_type;
 type qti_prop, property_type;
 type ramdump_prop, property_type;
+type sensors_prop, property_type;
 type ssr_prop, property_type;
 type sys_time_prop, property_type;
 type sys_usb_configfs_prop, property_type;
--- a/vendor/common/property_contexts
+++ b/vendor/common/property_contexts
@@ -2,6 +2,7 @@ ctl.hbtp                   u:object_r:ctl_hbtp_prop:s0
 ctl.ipacm                  u:object_r:ipacm_prop:s0
 ctl.ipacm-diag             u:object_r:ipacm-diag_prop:s0
 ctl.qti                    u:object_r:qti_prop:s0
+ctl.sensors                u:object_r:sensors_prop:s0
 ctl.thermal-engine         u:object_r:thermal_prop:s0
 debug.gralloc.             u:object_r:debug_gralloc_prop:s0
 debug.ramdump.             u:object_r:ramdump_prop:s0
@@ -16,6 +17,8 @@ persist.sys.cnss.          u:object_r:cnss_diag_prop:s0
 persist.sys.crash_rcu      u:object_r:ramdump_prop:s0
 persist.sys.modem.diag.    u:object_r:modem_diag_prop:s0
 persist.vendor.sys.cnd     u:object_r:cnd_prop:s0
+persist.vendor.crash.cnt   u:object_r:crash_cnt_prop:s0
+persist.vendor.crash.detect u:object_r:crash_detect_prop:s0
 radio.                     u:object_r:radio_prop:s0
 rcs.publish.status         u:object_r:radio_prop:s0
 sys.ims.                   u:object_r:ims_prop:s0
--- a/vendor/common/sensors.te
+++ b/vendor/common/sensors.te
@@ -27,3 +27,6 @@ r_dir_file(sensors, sysfs_msm_subsys)

 allow sensors ion_device:chr_file r_file_perms;
 allow sensors qdsp_device:chr_file r_file_perms;
+
+# For reading dir/files on /dsp
+r_dir_file(sensors, adsprpcd_file)